Oracle Blog

Dan Mick's Weblog

Thursday Jun 21, 2007

Ever had your system constantly transmitting network packets, and had a hard time finding out who or why?

Recently my system was sending loads and loads of DNS requests for a system I knew not to be on the network (an old system of mine that had been decommissioned). I saw the DNS requests with snoop(1M), but had no idea which process was doing the job.

Enter dtrace. 15 seconds of experimentation: first, look to see if there are functions being called with "udp" in their name:

dtrace -n 'fbt::*udp*:entry'

Yes, there certainly are. OK, modify the above to suppress the default print with -q, and add what I'm interested in, straight out of built-in variables: